Staff

On DNS leak test, it says

"WARNING: If you are connected to an anonymity/privacy service and ANY of the servers listed below are from your ISP then your DNS is leaking. (You should be able to recognise them based on the hostname and location)."

Hello!

Well, the above statement from that website actually is not totally accurate. Our system is perfectly capable to route/forward DNS queries inside the tunnel to your favorite DNS servers (that Windows does not act properly and sends queries under certain circumstances outside the tunnel is a different matter), receive the reply and send it to you encrypted. So, if your ISP DNS servers are public AND your DNS queries are tunneled, you have no DNS leaks but you will see anyway your ISP DNS in the test. The difference is that your ISP DNS will not see those queries coming from you, but from our VPN servers.

So the location is in a foreign country, it shows the ISP as Google and the hostname I don't recognize. My ISP is not Google, that's for sure. Am I golden?

Yes, you are. Our VPN servers query Google DNS so it's fine that you see them in the dns tests. Once cleaned from the privacy issues (task accomplished by our servers), Google DNS are excellent because of their superior performance and no censorship.

Kind regards

In Utorrent you can see there is a choice socks4, socks5, HTTPS, HTTP can I use this with Air VPN, as per the attached screenshot.

Thanks

Hello!

You don't need to tunnel uTorrent over a proxy when connected to AirVPN. It will result in a serious performance hit. The advantage is that in case of unexpected VPN disconnection chances that uTorrent will reveal your real IP address are lower, however if you secure your connection against leaks (see the permanent links in the announcements section of the forum) witch a firewall you will obtain higher security without performance being impaired.

Kind regards

First off, I wish to congratulate AirVPN on providing such a wonderful service and caring so much about user privacy. I hope you guys never change in that regard!

I was wondering if it would be possible to use AirVPN in a virtual machine (Virtual Box or VMware Workstation 9) on a Windows 7 host without fear of ANY leakage of our real IP or other identifying information. I wish to stress that using AirVPN in a virtual machine would be strictly an "added bonus" for me and I don't HAVE to have it. Thus, if there is ANY risk of identity leakage, I wish to know about it.

Thanks for your time.

Hello!

Thank you for your nice words, they are much appreciated.

Unfortunately it is not possible to give you a general answer which depends on how you'll use the VM, which OS will run in it and whether it will be bridged or NATted, and in the latter case whether the VPN connection will be performed by the host, by the guest or by both. The only vague but safe answer is "yes, there may be leakages", but it won't help you at all. Another vague and general answer is that IF properly used a VM can greatly enhance security and privacy.

Kind regards

I'm not sure I understand how to do either of those two things.

Hello!

About changing DNS servers:

http://www.plus.net/support/software/dns/changing_dns_mac.shtml

About setting up rules for pf (an OpenBSD very powerful packet filtering tool and firewall): just follow the linked guide and do not hesitate to contact us if you get stuck at some step. pf is already installed by default on your OS X version.

Kind regards

Sorry about using the wrong version. After using the beta of TB, I'm able to connect just fine.

Hello!

Fine, we're very glad to know it.

Now, another issue I'm having is that when connected to the VPN, it fails a DNS leak test.

Any suggestions? MUCH appreciated

You can force on your network cards 10.4.0.1 as primary DNS, see also https://airvpn.org/specs

Furthermore, you might like to secure your connection against leaks in case of unexpected VPN disconnection:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&limit=6&limitstart=36&Itemid=142#2532

Kind regards

I signed up for a one month service and I can't get it working. I"m on a Mac, using TunnelBlick. I imported the config files, it tries to connect then just refuses. Says my password is wrong?

It doesn't prompt me to enter a password -- I thought the generator page on the website exported all of this?

Here is my log. Can someone please help me?

Thank you.

2012-10-20 17:19:52 *Tunnelblick: OS X 10.8.2; Tunnelblick 3.2.8 (build 2891.3099)

Hello!

Tunnelblick 3.2.8 is not compatible with Mac OS X 10.8.2. Please upgrade to the appropriate release (at the time of writing 3.3beta21a):

http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2

Kind regards

Hello!

The connection looks fully successful, our VPN DNS IP is reachable, and yet your system does not appear to send proper queries to our DNS. We met this problem in the last few days with some Windows 7 systems.

Try to force the following DNS on your physical network card:

10.4.0.1 (our internal DNS)

87.118.104.203 (German Swiss Privacy Foundation primary DNS)

In order to do so, open Start->Control Panel->Network and Internet->Network and Sharing Center->Change Adapter Settings.

Right-click on your physical network card (cable of WiFi, named usually "Local Area Connection" and "Wireless Network Connection") and select "Properties". Highlight Internet Protocol Version 4 (TCP/IPv4) and click on Properties. In the subsequent window enter 10.4.0.1 as Preferred DNS and 87.118.104.203 as Alternate DNS.

In case of issues in the above steps please see http://www.sevenforums.com/tutorials/15037-dns-addressing-how-change-windows-7-a.html

Please feel free to let us know at your convenience if all of the above solves your problem.

Kind regards

Hello!

Can you please determine whether it's a DNS problem?

Try from a command prompt (while you are connected):

ping airvpn.org

ping 212.117.180.25

ping 10.4.0.1

and send us the output.

Kind regards

Hello:

I tried running this firewall at a restaurant with the IP address of 10.1.10.95, an router address of 10.1.10.1, and a subnet mask of 255.255.255.0, and it doesn't block when the VPN is disconnected. Can anybody tell me what is wrong with it?

Hello!

In this case the firewall will not block anything because of the following lines:

sudo ipfw add 05000 allow log ip from 10.0.0.0/8 to any

sudo ipfw add 05100 allow log ip from any to 10.0.0.0/8

which must be replaced in any case with the proper AirVPN IP ranges.

Please see https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2935&Itemid=142#4481

Kind regards

Hi,

The settings are working for the browser and torrents. Just wondering how to get tor to work also. At the moment the VPN needs to be connected first, but I would rather connect to tor then AirVPN. Could you please tell me how to do this with Comodo? I promise I will stop asking questions once I know this!

Hello!

You can't know in advance the TOR entry node which your system will connect to, so this set of rules is inadequate.

Kind regards

Hello!

Can you please send us the output of the command "ipconfig /all" before the connection, and while the connection is still up?

Kind regards

Hi,

Still awaiting a response.

Thanks

Hello!

Thank you for your inquiry, can you please check your inbox again? Is the e-mail address associated with "xdroid" good?

Kind regards

With another server works fine. Hopefully this wont occur again. THANK YOU!

Didnt use those command for command prompt if there is no need for them.

Hello and thank you!

If you a see a lot of these:

2012.10.19. - 22:26 Replay-window backtrack occurred [1]

in your logs and the bandwidth goes down a lot, then you can try a connection to a TCP port.

Please do not hesitate to contact us for any further information.

Kind regards

@anetis

Hello!

The logs do not show problems. Can you please try different servers and TCP ports and let us know the outcome?

Also, while you're connected to Vega port 443 UDP (as in your reported log), please open a command prompt and issue the following commands:

ping airvpn.org

ping 212.117.180.25

ping 10.4.0.1

ipconfig /all

and please paste here the output.

Kind regards

This is the first time.

Please, give me a min to find those logs. Im not so great with computers. sorry.

Hello!

Assuming that you use Windows:

If you use the Air client:

- right click on the Air dock icon, select "Logs", click on "Copy to clipboard" and paste here

If you use OpenVPN GUI:

- right-click on the OpenVPN GUI dock icon, select -->View Log. A text editor will open the log file, select all the text, copy & paste.

Kind regards

I have the same problem. If I connect to VPN, I lose the internet connection.. I dont have PeerBlock.

Please help!

Hello!

Can you please send us your client logs?

You subscribed some months ago, has this problem occurred recently?

Kind regards

Hello!

When you're connected, and before the ping timeout occurs, can you ping the entry-IP of the server you're connected to?

For example (in your Serpentis case):

ping 178.248.30.131

Just in case, are you running PeerBlock on your system? Is the problem occurring even with any firewall and antivirus (and PeerBlock) disabled?

After you have checked that, try a connection to a different server. Also, try a connection to a TCP port.

We're looking forward to hearing from you.

Kind regards

P.E.R.F.EC.T.

Everything's running smoothly, and no leaks.

Do you see anything else in my settings that I could be improved ?

Thank you so much for your help !

Hello!

Great, glad to know it.

According to your reports no improvement is necessary.

For your comfort, you might define a Network Zone (for example [Air servers entry IPs]) containing only the entry-IP addresses of our servers and then set two rules like

Allow TCP or UDP In/Out From In [Air servers entry IPs] To MAC Any Where Source Port Is Any And Destination Port Is Any

Allow TCP or UDP In/Out From MAC Any To In [Air servers entry IPs] Where Source Port Is Any And Destination Port Is Any

In this way, you will only need to add a single IPv4 addresse to that Network Zone in order to connect to a new server, instead of defining two additional rules for each server, which may be annoying if you switch between a lot of servers.

Kind regards

Hello!

Ok, situation now is much clearer.

The rule:

Allow TCP or UDP In/Out From MAC Any To IP 192.168.0.254 Where Source Port Is Any And Destination Port Is Any

will allow at least DNS leaks, please delete it.

The rule:

Block And Log TCP or UDP In/Out From MAC Any To MAC Any Where Source Port Is Any And Destination Port Is Any

is sub-optimal because prevents only TCP or UDP leaks, please modify it into:

Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any (this will expand the total block to layer 3).

We're looking forward to hearing from you.

Kind regards

Hi,

Actually, I said that I had access to my router/nat , but not anymore..

Hello!

Unfortunately you renamed your Global Rules, so we can't see what they really state. It's not your fault, it's ours, we did not specify in the guide NOT to rename the rules, because renaming them makes troubleshooting impossible. We'll modify the guide accordingly. Anyway, from what we can see on the Comodo firewall event logs, it looks like you were not connected to an Air server, because there is a suspiciously high number of blocks from 192.168.0.31 to several different IP addresses.

From your description, the DHCP rule is wrong, it should allow communications toward IP 255.255.255.255, because before the DHCP negotiation your computer can't know the address of your router or even the subnet of your network, see RFC 1541 and RFC 2131 or http://support.microsoft.com/kb/169289

Can you please delete your customized rules names, re-send the Global Rules and send us also the logs of your client and the output of the command "ipconfig /all"?

It's funny how Comodo takes quite a while to actually apply the new rules... Should be instantly (?).

It should take no more than a couple of seconds...

Kind regards

Hi,

I'm experiencing problem regarding to access all CloudFlare website.

I'm connected to Serpentis server and I receive an access restricted warn (with captcha request) because it say that:

"One computer on your network is compromised by a virus".

I don't receive alert if I'm disconnected from airvpn.

Regards

Hello!

We're sorry for the inconvenience. If some of our clients is sending out viruses through Serpentis it is violating our ToS. Please be aware that ToS violations will lead to investigations and account termination. Of course, it might also be just a false positive from CloudFlare.

Kind regards

Thanks, I actually did try that even though the directions say you need that rule if you're using your router for DHCP, which I am not, I have a static local IP. I will try it again and see what happens. Also, excuse my first post, I thought you could attach multiple files, but it looks like it only accepts one.

Hello!

No problems, you can put all the files in a single zip archive or send them via mail to info@airvpn.org.

Kind regards

Hi,

Those were the logs I tried to send yesterday but realised today I couldn't due to it being a html file.

I have since changed the DHCP settings. Here are the current logs.

Hello!

In order to allow us to provide you with proper support please see https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142#3512

Kind regards

Hello,

I can't open Bitshare.com from DE Tauri. Maybe off for other servers too. Ive not checked

Ping to www.bitshare.com failes

Its possible they block this vpn server ?

Please check it

Hello!

We confirm that bitshare blocks Tauri. Perhaps they are trying to make their service capable to track their users for legal concerns (it would be understandable after all the troubles occurred to file hosting services) or because they are hostile to privacy, who knows. At the moment it's possible to access bitshare at least from Herculis and Virginis.

Kind regards

I updated to 18948 and now VPN appears to be working perfectly through my dd-wrt router.

OK, so, step 2: How can I now route only traffic on ports 80 and 443 (for example) through the tunnel, and everything else via my ISP?

I would like to secure some traffic through the VPN, but not Netflix (I'm in Canada, and Netflix has a crap if I use my account from a US (or other country) IP.

Thank you!

Hello!

Splitting traffic on a ports basis within a subnet requires NAT filtering. An alternative method is splitting traffic on a destination IPs basis. See

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3721&Itemid=142#3724

but beware that the reported IP ranges are wrong, you'll need to discover Netflix IP ranges (and you'll have to elaborate a complementary solution - the message covers the case for which Netflix access is NOT tunneled - in your message it's unclear whether you want it to be tunneled or not).

If you have more than one device connecting to the router, you can implement Policy Based Routing on the DD-WRT (which supports it) so that a certain device (the one that you wish to use for Netflix) will be or will not be tunneled over the VPN:

http://www.dd-wrt.com/wiki/index.php/Policy_Based_Routing

[EDIT] Please see also here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=711921

Kind regards